Exchange: Me, my iPhone and MS Exchange



I've always thought that mobile phones should be made to make phone calls. Period. Then a good friend of mine bought an iPhone 4 and graciously decided to give his old 3G to me. I must admit, the iPhone is really a great toy! I started immediately to play with it and, considering that the user manual is very limited, the phone is really easy to use. The GUI is intuitive and clear. Everything is at hand and iTunes has loads and loads of apps.
I understand that these are well known characteristics, and that there are many blogs, forums and websites talking about it, but here I want to share the experience I had with the iPhone's mail handling and an in-house Exchange Server 2003.


I saw trouble coming immediately. I followed online tips thoroughly but the iPhone - sadly - was always giving me "Unable to connect" or "Unable to validate account". Being completely ignorant of iPhone matters, I thought the problem was with the phone. I checked my Exchange 2003 Server, checked OMA and ActiveSync (OWA was already working perfectly)... After an entire day I was nearly broken and I thought I would give up soon.
Then I tried a little piece of software called ActiveSync Tester for Windows (there's an iPhone version as well) and I immediately discovered that my ActiveSync was not really working properly. I checked the connection with IE8 (and the iPhone's Safari) and it seemed ok, but it was not. The program helped me to find what was wrong... almost. Add a little bit of experience on top of the software's suggestions, and I began to understand that it was an IIS problem. I checked virtual folder permissions and authentication methods and I discovered that the OMA and the Exchange virtual folders are closely related.
Just to get to the point, the Exchange folder now has:
  1. anonymous access not checked, Basic and Integrated Windows authentication checked;
  2. domain and authentication area filled in with proper data.
I had the owa service already functioning and those configs were actually the original ones.
The OMA folder has:
  1. on the Virtual Directory tab, read and directory browsing checked;
  2. under Directory Security / Authentication Methods, the same settings as the Exchange virtual folder.
The Microsoft-Server-ActiveSync folder (and I still do not understand if that is important) has:
  1. on the Virtual Directory tab, nothing checked for read, write or directory browsing;
  2. and under Directory Security / Authentication Methods, only Basic authentication checked.
That seemed ok, but - hey! that was too easy - the iPhone kept being sad and not connected.
So, I checked the Exchange Server... In Global Settings I looked at the Mobile Services Properties and (following other people's advice) I checked every box, specifically Enable Outlook Mobile Access and Enable unsupported devices.
AAARGH! Nothing was working at all!
That was really frustrating because everything looked ok, but was still not functioning as desired. Then I looked at Device security and I noticed that Enforce password on device was checked... hmmm... I noticed that the iPhone was giving me an error that looked closely related to this and I desperately decided to check something that looked fairly reasonable: Allow access to devices that do not fully support password settings. Bingo! The emails started to flow and in seconds the iPhone was completely synchronized with my Exchange Server.
I have to say that it has been really a fight. I still don't understand why it is working, but - from what I found on expert forums and websites - nobody was pointing out that Device security setting. That is why I am writing this...
Finally, I want to tell you how the iPhone mail settings were configured:
  1. email: the email address like john.smith@domain.com
  2. server: mail.domain.com (without any other folder indication - not mail.domain.com/oma which was probably another mistake I repeatedly made);
  3. domain: blank (nothing at all);
  4. username: domainname.local/john.smith (the username is completed with the domain name you used in IIS);
  5. password: the password the user uses to have access to the mailbox;
  6. SSL: in my case I do not use SSL (switched off).
And remember that in AD, the Mobile Access service must be activated for the user.
That's all folks!
Please let me know what you think about it!
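
The checks described in this post (is ActiveSync really answering, which authentication the virtual directory offers, is the device password policy blocking the sync, is SSL in use) can be read from the raw HTTP response of the Microsoft-Server-ActiveSync virtual directory. The following is an added example, not code from the original post or from the ActiveSync Tester tool: the function names and sample responses are constructed, and the meanings given to 403 and 449 are typical Exchange ActiveSync behaviour assumed here, not something the post confirms for this server.

```python
from email.parser import BytesParser

# Constructed sample responses (illustrative, not captured from the author's server).
SAMPLE_OK = b"HTTP/1.1 200 OK\r\nMS-ASProtocolVersions: 1.0,2.0,2.1,2.5\r\n\r\n"
SAMPLE_401 = (b"HTTP/1.1 401 Unauthorized\r\n"
              b'WWW-Authenticate: Basic realm="mail.domain.com"\r\n\r\n')
SAMPLE_449 = b"HTTP/1.1 449 Retry after sending a PROVISION command\r\n\r\n"


def parse_response(raw: bytes):
    """Split a raw HTTP response into (status_code, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition(b"\r\n")
    status = int(status_line.split()[1])
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    return status, headers


def diagnose(raw: bytes, used_tls: bool):
    """Return a list of findings for one response (hypothetical helper)."""
    status, headers = parse_response(raw)
    schemes = [v.split()[0].lower()
               for v in headers.get_all("WWW-Authenticate", []) if v.strip()]
    findings = []
    if status == 200 and headers.get("MS-ASProtocolVersions"):
        findings.append("ok: ActiveSync answers, versions "
                        + headers["MS-ASProtocolVersions"])
    elif status == 200:
        # A 200 from IIS alone proves nothing: a browser test can look fine.
        findings.append("not-activesync: 200 without MS-ASProtocolVersions")
    elif status == 401:
        findings.append("auth: server offers " + ", ".join(schemes or ["nothing"]))
    elif status == 403:
        # Assumed meaning: SSL required on the directory, or user not enabled.
        findings.append("forbidden: check SSL requirement and the user's mobile access in AD")
    elif status == 449:
        # Assumed meaning: server enforces a device security policy.
        findings.append("policy: device must accept the security policy first")
    else:
        findings.append(f"unexpected: HTTP {status}")
    if "basic" in schemes and not used_tls:
        findings.append("exposure: Basic over plain HTTP sends the password "
                        "base64-encoded, not encrypted")
    return findings


if __name__ == "__main__":
    for name, raw in [("ok", SAMPLE_OK), ("401", SAMPLE_401), ("449", SAMPLE_449)]:
        print(name, diagnose(raw, used_tls=False))
```

With SSL switched off and only Basic authentication checked, as in the settings above, the second finding on the 401 sample is the one to act on.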